EP1571782B1 - Method and apparatus for generating rules of treating an information frame - Google Patents

Info

Publication number
EP1571782B1
Authority
EP
European Patent Office
Prior art keywords
customer
information
rule
address
information frame
Prior art date
Legal status
Expired - Lifetime
Application number
EP04290585A
Other languages
German (de)
French (fr)
Other versions
EP1571782A1 (en
Inventor
David Minodier
Gilles Ivanoff
Emile Stephan
Current Assignee
Orange SA
Original Assignee
France Telecom SA
Priority date
Filing date
Publication date
Application filed by France Telecom SA
Priority to AT04290585T (ATE385096T1)
Priority to DE602004011468T (DE602004011468T2)
Priority to ES04290585T (ES2300720T3)
Priority to EP04290585A (EP1571782B1)
Publication of EP1571782A1
Application granted
Publication of EP1571782B1
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/2898 Subscriber equipments

Definitions

  • the present invention relates to a method and a device for forming rules for processing an information frame transiting between two telecommunication networks.
  • the invention lies in the field of forming rules for processing information frames transiting between two telecommunication networks according to customer profiles of a telecommunication network.
  • PPP Point to Point Protocol
  • a PPP session is a session established according to a point-to-point protocol.
  • a PPP session concentrator is conventionally called a BAS, an acronym for Broadband Access Server.
  • a PPP session concentrator routes the sessions established by the various customers of a collection network to the Internet network and more particularly to the point of presence of the service provider to which they subscribe.
  • the customer can choose a contract in which the transfer rate of information sent or received by the customer is adapted to his budget and his needs. This rate is set manually by the telecommunication network operator's staff at the customer line multiplexer. If the contract is modified by the customer, an intervention by the staff of the telecommunication network operator is then necessary at the customer line multiplexer to redefine it. The response time of staff is sometimes long for customers.
  • when the flow of information to a client does not match the traffic contract to which the client subscribes, the digital customer line multiplexer to which the client is connected does not transfer that information to the client.
  • the patent application WO 00/54477 discloses a method of allocating IP addresses to clients, and some of the bits of the IP address are defined according to the subscription to a service by the client.
  • This processing, when the client receives information, is performed once the information has been received from the Internet and transferred by the PPP session concentrator through the telecommunication network.
  • this information unnecessarily clutters the PPP session concentrator and the collection network because it is ultimately not transferred by the digital customer line multiplexer to the recipient client.
  • firewalls destroy information issued by hackers.
  • These firewall systems can be integrated in the customer's connection equipment or in a dedicated device at the customer's premises. The information sent by hackers unnecessarily clutters the PPP session concentrator, the telecommunication network and the digital customer line multiplexer, since it is ultimately not processed by the customer.
  • the object of the invention is to solve the disadvantages of the prior art by proposing a method and a device for forming rules for processing information frames transiting between two telecommunication networks in which the processing rules are dynamically formed.
  • the invention also aims to ensure that information which will not be processed by the customers, although addressed to them, is not transmitted on the telecommunication network to which the customers are connected.
  • the invention also aims to use a collection network in which it is not necessary to establish PPP sessions through the telecommunication network to access the services of a service provider.
  • customer profiles are treated dynamically.
  • the device forming the rules for processing the information frame obtains the profile associated with the address contained in the frame and forms rules for processing the information frame. Any modification of the customer's profile is taken into account upon receipt of an information frame sent by the customer or to the customer.
  • the processing rules can thus be adapted in real time.
  • the information frame is processed from the processing rules formed.
  • the frames of information that pass between the two telecommunication networks are processed in accordance with the services subscribed by the sending or receiving client of these information frames.
  • the processing of an information frame before it arrives on the telecommunications network to which clients are connected makes it possible to optimize the resources of the telecommunication network. Quality of service is thus maintained in the collection network for customers without the need for PPP sessions.
  • the client profile is obtained from a database, remote from the rule-forming device, comprising the profiles of the clients connected to the telecommunication network, or from the temporary memory of the rule-forming device.
  • the rule-forming device can thus very quickly obtain the profile of a customer when an information frame has to be processed and thus significantly reduce the processing time of the information frame.
  • client profiles are stored in the temporary memory of the rule-forming device, and the client profiles whose addresses have not been read in an information frame for a predetermined time are deleted from the temporary memory of the rule-forming device.
  • a service subscribed by the client is a service in which at least one application, among all the applications of the client, is or is not authorized to receive information; an identifier is associated with the authorized or unauthorized application; at least part of the information frame is included in a data packet comprising at least one identifier of the application of the destination client of the information frame; and if the identifier of the destination application included in the data packet is the identifier of the authorized or unauthorized application, the information frame is or is not transmitted on the telecommunication network to which the clients are connected, and conversely otherwise.
  • a service subscribed by the customer is a service in which the amount of information transmitted and/or received by the customer is limited in a predetermined time interval, and if the amount of information transmitted and/or received by the customer is greater than a limit of the service subscribed by the customer, the frame is not transmitted on the telecommunication network to which customers are connected.
  • the information that will not be processed by the customers although addressed to them will not be transmitted on the telecommunication network to which the customers are connected.
  • the telecommunication network is used optimally.
  • the method comprises a step of processing the information frame.
  • information frames such as, for example, telecommunication network supervision frames.
  • the telecommunication network to which the customers are connected is a GigaEthernet collection network
  • the other telecommunication network is an Internet type network
  • the rule-forming device is a gateway.
  • the client address is a MAC address or an IPv6 address or an address assigned respectively to each client by the digital multiplexer of client lines.
  • the invention also relates to the computer program stored on an information medium, said program comprising instructions for implementing the method of forming processing rules described above, when it is loaded and executed by a computer system.
  • Fig. 1 represents the architecture of the system for forming rules for processing information frames intended for or sent by customers of a telecommunication network.
  • clients 110 access an Internet type network 180 through a digital customer line multiplexer 130, a collection network 150 and a rule-forming device 100, which processes the information frames received from the Internet network 180 or sent to the Internet network 180 according to the profile of the clients 110 that transmit or receive the information frames.
  • the rule-forming device 100 is more precisely a gateway 100.
  • the system for forming rules for processing information frames intended for or sent by customers of a telecommunication network includes a digital customer line multiplexer 130.
  • the digital customer line multiplexer 130 is, in a preferred embodiment, suited to dedicated physical links with clients 110a, 110b and 110c.
  • the digital customer line multiplexer 130 is known as a DSLAM.
  • DSLAM is the acronym for "Digital Subscriber Line Access Multiplexor".
  • the function of the digital customer line multiplexer 130 is to group several customer lines 110a, 110b and 110c on a physical medium that transports the data exchanged between the clients 110a, 110b and 110c and the Internet network 180.
  • the clients 110a, 110b and 110c are more precisely telecommunication terminals, are connected to the digital customer line multiplexer 130 via the wired telephone network, and use DSL type modulation techniques.
  • DSL type modulation techniques include wireless links or fiber optic links.
  • a client is for example a telecommunication device such as a computer comprising a communication card adapted to the existing dedicated physical link with the digital customer line multiplexer 130, or a computer connected to an external communication device adapted to the existing dedicated physical link with the digital customer line multiplexer 130.
  • Each client 110a, 110b and 110c is allocated a unique identifier or address to distinguish it from other clients 110.
  • This address is for example the MAC address of the physical interface of the client computer or the MAC address of the logical interfaces of the client computer.
  • this address is a unique address delivered respectively to each client by the digital customer line multiplexer 130 in order to mask the real address of the client 110.
  • this address is an IPv6 address when the IPv6 protocol is used.
  • in Fig. 1 only three clients 110a, 110b and 110c are shown; of course, a larger number of clients 110 are connected to the digital customer line multiplexer 130.
  • Each client 110 is connected to a digital customer line multiplexer 130 which is itself connected through the collection network 150 to a rule-forming device 100.
  • the rule-forming device 100 is a bridge between the collection network 150 and the Internet network 180.
  • the digital customer line multiplexer 130 preferably has DSL interfaces 140a, 140b and 140c respectively connected to the clients 110a, 110b and 110c.
  • the digital customer line multiplexer 130 allows clients, for example the clients 110a, 110b and 110c, to access the services offered by Internet service providers if they have correctly identified themselves and if their identification has been validated by an authentication server associated with their Internet service provider.
  • the digital customer line multiplexer 130 has a network interface 145 connecting it to the collection network 150.
  • the collection network 150 is for example a network of GigaEthernet type.
  • the frames of information transmitted through the collection network 150 are Ethernet frames.
  • in the collection network 150, the clients 110 do not have to establish sessions according to a point-to-point protocol in order to be able to access the Internet network 180. It should be noted here that the source and destination addresses included in these information frames are not modified during the routing of information frames in the collection network 150.
  • the rule-forming device 100 processes the information received from the Internet network 180 according to the profile of the clients 110 that are the recipients or senders of this information. More specifically, the rule-forming device 100 forms from the profile of the client 110 a set of rules in the form of access lists ("Access List"), classes and service disciplines, and filters, which are applied to the information frames that have the address corresponding to the access list or the filters.
  • the rule-forming device 100 has a network interface 160 connecting it to the collection network 150 and a network interface 165 connecting it to the Internet network 180. The rule-forming device 100 will be described in greater detail with reference to Fig. 2.
  • the rule-forming device 100 is associated with a database 120 which includes the profiles associated with the different clients 110.
  • a profile is formed for each client 110 when the client 110 subscribes to a service provider.
  • a profile includes, for example and in a nonlimiting manner, the incoming and outgoing information rates allocated to the client according to the type of service to which the client 110 has subscribed. These rates can be maximum rates and/or guaranteed minimum rates, in each direction of transfer of information.
  • a profile also includes security information related to the client 110. This information indicates the port or ports of the applications available to a client 110 which are authorized to transmit and/or receive data from the Internet network 180. These applications are for example FTP-type servers (FTP is the acronym for "File Transfer Protocol") or Web servers that make web pages available according to the HTTP protocol.
  • These profiles also include the identifier of the ISP to which customers are subscribed.
  • the collection network 150 may be connected to a PPP session concentrator (not shown in Fig. 1), which establishes PPP sessions with other clients (not shown in Fig. 1) via a telecommunication network and at least one digital customer line multiplexer (not shown in Fig. 1).
  • the PPP session concentrator provides the formatting of the information transmitted by these clients according to the PPP protocol in Ethernet frames before transferring them to the collection network 150 and vice versa.
  • Fig. 2 shows a block diagram of the device for forming rules for processing information frames intended for or sent by customers of a telecommunication network.
  • the rule-forming device 100 comprises a communication bus 201 to which are connected a central unit 200, a non-volatile memory 202, a random access memory 203, a client interface 205 and a network interface 206.
  • the non-volatile memory 202 stores the programs implementing the invention as well as the algorithm which will be described later with reference to Fig. 3.
  • the non-volatile memory 302 is for example a hard disk. More generally, the programs according to the present invention are stored in storage means. This storage means is readable by a computer or a microprocessor 200. This storage means is integrated or not to the profile application device 100, and can be removable. When powering the rule-forming device 100, the programs are transferred into the RAM 203 which then contains the executable code of the invention as well as the data necessary for the implementation of the invention.
  • the rule-forming device 100 also comprises a telecommunication network interface 165. This interface makes it possible to transfer information from and/or to the Internet network 180.
  • the network interface 160 connects the rule-forming device 100 to the collection network 150.
  • the processor 200 is able to authorize or not the transfer of data between the Internet network 180 and the clients 110 according to the rules for processing information frames formed from the profile stored in the database 120.
  • This database 120 is connected to the rule-forming device 100 via the telecommunication network 150 or the telecommunications network 180, or even via a dedicated link.
  • database 120 can also be alternatively integrated into the digital multiplexer of customer lines 130.
  • Fig. 3 represents the algorithm for forming rules for processing information frames intended for or sent by customers of a telecommunication network.
  • in step E300, the processor 200 of the rule-forming device 100 checks whether an information frame is received on the network interface 160 or 165.
  • the frames are preferably Ethernet type frames or IPv6 type frames.
  • processor 200 proceeds to step E301.
  • the processor 200 checks whether the respective time associated with each address included in the cache memory of the rule-forming device 100 is considered to be too old.
  • the cache memory is, for example and without limitation, included in the RAM 203.
  • the method according to the present invention removes from the cache memory addresses of the clients who are inactive for a predetermined time. When these various operations have been performed, the processor 200 returns to the previously described step E300.
  • processor 200 proceeds to step E302.
  • the processor 200 checks whether this frame is an incoming frame, that is to say from the Internet network 180 or whether this frame is an outgoing frame, that is to say from the collection network 150.
  • the processor 200 reads, in step E304, in a predetermined field of the information frame, the destination address of the information frame. Once this is done, the processor 200 proceeds to the next step E305.
  • the processor 200 reads, in step E303, in a predetermined field of the information frame, the source address of the information frame. Once this is done, the processor 200 proceeds to the next step E305.
  • in step E305, the processor 200 updates the cache memory of the rule-forming device 100.
  • This cache memory is included in the random access memory 203 of the rule-forming device 100.
  • the cache memory stores the set of source or destination addresses read by the processor 200 during previous passes through step E303 or E304.
  • the processor 200 updates the cache memory of the rule-forming device 100 by including in it the address and a time associated with the address. This time associated with the address is the time of inclusion of the address in the cache memory.
  • Steps E301 and E305 provide a mechanism for managing the lifetime of the addresses stored in the cache memory.
  • the processor 200 stores, in association with the address, information such as the port number of the destination application of the information frame or the address of the service provider receiving the information frame.
  • a port number is obtained by reading predetermined fields of packets conforming to the IP, TCP/IP or UDP protocol comprising Ethernet frames including the addresses.
  • TCP/IP is the acronym for Transmission Control Protocol / Internet Protocol; UDP stands for User Datagram Protocol.
  • the processor 200 checks in step E306 if there is a profile associated with the address previously read in the cache memory of the rule-forming device 100. If there is a profile associated with the address previously read in the cache memory, the processor 200 then proceeds to step E307 and reads the client profile in the cache memory. The processor 200 then proceeds to step E311.
  • step E308 in place of step E307.
  • the processor 200 commands, in step E308, the retrieval of the profile of the client whose address has been read in step E303 or E304. More specifically, the processor 200 commands the generation of a request for obtaining the profile of the client whose address has been read in step E303 or E304.
  • the client profile is stored in the database 120.
  • the rule-forming device 100 comprises a client software module, for example a RADIUS module, which sends requests for obtaining a profile to the database 120, which is in this example a RADIUS type server 120.
  • RADIUS is the acronym for "Remote Authentication Dial In User Service".
  • the database 120 identifies, from the address communicated by the rule-forming device 100, the profile of the client having the same address as the address transferred by the rule-forming device 100 and transfers the different information included in the profile.
  • the profile includes the security rules that the client 110 has chosen. These security rules are, for example, rules to authorize or not the transfer of information frames to one or more applications of the client 110.
  • the profile also includes information describing the bit rate or rates that the client has chosen when subscribing to a service provider. The information describing the rate(s) chosen by the customer 110 is the traffic contract established between the customer and the service provider.
  • the processor 200 proceeds to the next step E309. At this stage, the processor 200 checks whether a profile has been transferred in response by the database 120. If no profile has been transferred, the processor 200 proceeds to step E310.
  • in step E310, the processor 200 performs a processing on the frame received in step E300.
  • This frame is for example a network supervision frame and is not intended for a client 110, but for the different elements of the collection network 150.
  • the processing is for example a transfer of the frame received in step E300 onto the collection network 150. Once this operation has been performed, the processor 200 returns to step E300, waiting for a new information frame to be processed.
  • the access list 100 here comprises two rules.
  • the first rule allows information frames from anyone (any) to the client 10.10.0.1 on the destination port 80.
  • the second rule rejects information frames from anyone (any) to the client 10.10.0.1 on the destination port 90.
  • the processor 200 forms, from the different flow representative information contained in the profile obtained in the step E307 or E308, a service class describing the traffic contract of the client 110.
  • the information frames processed by the class of service are then transferred to the collection network 150 or the Internet network 180 in accordance with the service contract described in the class of service definition. It should be noted here that these information frames are placed in a queue prior to their transfer.
  • the processor 200 then runs an algorithm applying the service discipline.
  • the service discipline enforcement algorithm transfers the information frames queued to the collection network 150 or the Internet network 180.
  • the client 110a has a subscription to a service provider whose maximum bit rate is 8 megabits per second.
  • the client 110a has two servers, a VIDEO server and a WEB server accessible by third parties.
  • so that a certain quality of video transmission is guaranteed, the client 110a has chosen a contract stipulating that a rate of 7.8 Megabits per second must be guaranteed for the video server.
  • the Web server, for its part, then has only a guaranteed rate of 200 Kilobits. This information is included in the profile of the subscriber 110a stored in the database 120.
  • the first rule describes the IP packets to the 110a client's web server from anyone.
  • the second rule describes the IP packets to the 110a client's VIDEO server from anyone.
  • when the processor 200 has formed the processing rules from the profile of the client 110, the processor 200 proceeds to the next step E312.
  • the information frame is processed according to the previously formed processing rules.
  • the processing then consists of a transfer of the information frame to the network 150 or 180 or a rejection thereof.
  • Client_110a_WEB-compliant packets are routed in the 200_kbits service class, while Client_110a_VIDEO-compliant packets are routed in the 7800_kbits service class.
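
The flow of Fig. 3 (steps E300 to E312), combined with the access-list and service-class examples above, as an added Python example that is not taken from the patent. The `Gateway` class, the frame dictionaries, the 300-second cache lifetime, port 554 for the VIDEO server and the rejection of ports matching no rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed stand-in for database 120 (a RADIUS server in the text), keyed by
# client address. Ports 80 and 90 follow the access-list example on the page;
# port 554 for the VIDEO server is an assumption.
PROFILE_DB = {
    "10.10.0.1": {
        "permit_ports": [80, 554],
        "deny_ports": [90],
        "classes": {80: "200_kbits", 554: "7800_kbits"},
    }
}


@dataclass
class Gateway:
    """Hypothetical model of the rule-forming device 100."""
    db: dict
    ttl: float = 300.0                      # assumed cache lifetime, in seconds
    cache: dict = field(default_factory=dict)
    db_queries: int = 0                     # counts requests sent to database 120

    def expire(self, now):
        """E301: drop addresses not read in a frame for more than ttl seconds."""
        stale = [a for a, e in self.cache.items() if now - e["seen"] > self.ttl]
        for addr in stale:
            del self.cache[addr]
        return stale

    def form_rules(self, addr, profile):
        """E311: turn a profile into an ordered access list and service classes."""
        rules = [("permit", "any", addr, p) for p in profile["permit_ports"]]
        rules += [("deny", "any", addr, p) for p in profile["deny_ports"]]
        return rules, profile["classes"]

    def handle(self, frame, now):
        """E302 to E312 for one frame; returns (decision, service_class)."""
        # E302-E304: destination address for incoming frames, source for outgoing.
        addr = frame["dst"] if frame["direction"] == "in" else frame["src"]
        # E305: record the address and the time it was last read in a frame.
        entry = self.cache.setdefault(addr, {"profile": None})
        entry["seen"] = now
        # E306-E308: use the cached profile, otherwise ask the database.
        if entry["profile"] is None:
            self.db_queries += 1
            entry["profile"] = self.db.get(addr)
        # E309-E310: no profile (e.g. a supervision frame): forward as is.
        if entry["profile"] is None:
            return ("forward", None)
        rules, classes = self.form_rules(addr, entry["profile"])
        # E312: the first matching rule decides. Rejecting a port that matches
        # no rule is an assumption; the page does not state a default.
        for action, _src, dst, port in rules:
            if dst == addr and port == frame["port"]:
                if action == "permit":
                    return ("forward", classes.get(port))
                return ("reject", None)
        return ("reject", None)


def demo():
    """Run constructed frames through the gateway and return the decisions."""
    gw = Gateway(PROFILE_DB)
    frames = [  # constructed sample frames; "port" is the client application's port
        {"direction": "in", "src": "198.51.100.7", "dst": "10.10.0.1", "port": 80},
        {"direction": "in", "src": "198.51.100.7", "dst": "10.10.0.1", "port": 90},
        {"direction": "out", "src": "10.10.0.1", "dst": "198.51.100.7", "port": 554},
        {"direction": "in", "src": "198.51.100.7", "dst": "10.10.0.99", "port": 80},
    ]
    return [gw.handle(f, now=float(i)) for i, f in enumerate(frames)]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Because a cached profile is reused until its address ages out in step E301, the cache lifetime bounds how long a frame can still be handled under a profile that has since changed in the database.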

Abstract

The method involves reading an address, e.g. a MAC address, of a client in an information frame received by a gateway (100). The client's profile is obtained from the address, where the profile has information representing services subscribed by the client. Rules for processing the frame are formed from the profile. The frame is not transmitted if information quantity on the service is higher than a service limit. Independent claims are also included for the following: (A) a device for forming rules to process an information frame passing between two telecommunication networks; (B) a computer program stored on an information medium, and including instructions for implementing a method for forming rules to process an information frame passing between two telecommunication networks.

Description

The present invention relates to a method and a device for forming rules for processing an information frame transiting between two telecommunication networks.

The invention lies in the field of forming rules for processing information frames transiting between two telecommunication networks according to the profiles of customers of a telecommunication network.

In Internet access networks, customers are conventionally connected via dedicated physical links to a digital customer line multiplexer. These dedicated physical links are, for example, DSL type links. DSL is the acronym for "Digital Subscriber Line". The digital customer line multiplexer is connected to a PPP session concentrator via a telecommunication network. PPP is the acronym for "Point to Point Protocol". A PPP session is a session established according to a point-to-point protocol. A PPP session concentrator is conventionally called a BAS, the acronym for Broadband Access Server. A PPP session concentrator routes the sessions established by the various customers of a collection network to the Internet network and more particularly to the point of presence of the service provider to which they are subscribed.

When a customer subscribes to an Internet service provider, the customer can choose a contract in which the transfer rate of the information sent or received by the customer is suited to his budget and his needs. This rate is set manually by the staff of the telecommunication network operator at the customer line multiplexer. If the contract is modified by the customer, an intervention by the staff of the telecommunication network operator is then necessary at the customer line multiplexer to redefine it. The time taken for staff to intervene is sometimes long for customers. When the flow of information destined for a customer does not match the traffic contract to which the customer is subscribed, the digital customer line multiplexer to which the customer is connected does not transfer that information to the customer.

Patent application WO 00/54477 discloses a method of allocating IP addresses to clients, in which some of the bits of the IP address are defined according to the client's subscription to a service.

Patent application US 2003/061338 discloses a method of using frame processing rules in which an address of a client is read from the received information frame and the processing to be applied to the packet is obtained from a frame processing rule.

This processing, when the customer receives information, is carried out once the information has been received from the Internet network and transferred by the PPP session concentrator through the telecommunication network. When the quantity of information exceeds the rate chosen by the customer, this information needlessly clutters the PPP session concentrator and the collection network, since it is ultimately not transferred by the digital customer line multiplexer to the destination customer.

As the Internet has been deployed around the world, attacks carried out by computer hackers have increased. To protect themselves against these attacks, customers must equip themselves with systems called firewalls. These firewall systems destroy the information sent by computer hackers. They can be integrated into the customer's connection equipment or into a dedicated device at the customer's premises. The information sent by computer hackers needlessly congests the PPP session concentrator, the telecommunication network and the digital customer line multiplexer, because it is ultimately not processed by the customer.

The object of the invention is to overcome the drawbacks of the prior art by proposing a method and a device for forming rules for processing information frames transiting between two telecommunication networks, in which the processing rules are formed dynamically. The invention also aims to ensure that information which would not subsequently be processed by the customers, even though addressed to them, is not transmitted over the telecommunication network to which the customers are connected. The invention further aims to use a collection network in which it is not necessary to establish PPP sessions through the telecommunication network in order to access the services of a service provider.

To this end, according to a first aspect, the invention proposes a method of forming rules for processing an information frame transiting between two telecommunication networks via a rule-forming device, customers being connected to one telecommunication network via a digital customer line multiplexer, the information frame being destined for at least one customer or sent by a customer connected to the telecommunication network, each customer connected to the telecommunication network having an address different from the addresses of the other customers connected to the telecommunication network, characterized in that the method comprises the following steps, performed by the rule-forming device:
  • reading an address of a customer in the information frame received by the rule-forming device,
  • obtaining a customer profile from the address read, the profile comprising information representative of services subscribed to by the customer,
  • forming rules for processing the information frame from the customer profile obtained.

Correlatively, the invention relates to a device for forming rules for processing an information frame transiting between two telecommunication networks, customers being connected to one telecommunication network via a digital customer line multiplexer, the information frame being destined for at least one customer or sent by a customer connected to the telecommunication network, each customer connected to the telecommunication network having an address different from the addresses of the other customers connected to the telecommunication network, characterized in that the rule-forming device comprises:
  • means for reading an address of a customer in the information frame received by the rule-forming device,
  • means for obtaining a customer profile from the address read, the profile comprising information representative of services subscribed to by the customer,
  • means for forming rules for processing the information frame from the customer profile obtained.

Customer profiles are thus handled dynamically. When a customer receives or sends an information frame, the device for forming rules for processing an information frame obtains the profile associated with the address contained in the frame and forms rules for processing the information frame. Any modification of the customer's profile is taken into account as soon as an information frame sent by the customer or destined for the customer is received. The processing rules can thus be adapted in real time.

According to another aspect of the invention, the information frame is processed on the basis of the processing rules formed.

Thus, the information frames that transit between the two telecommunication networks are processed in accordance with the services subscribed to by the customer that sends or receives these information frames. Processing an information frame before it arrives on the telecommunication network to which the customers are connected makes it possible to optimize the resources of that telecommunication network. Quality of service is thus maintained in the collection network for the customers, without having to resort to PPP sessions.

According to another aspect of the invention, the customer profile is obtained from a database, remote from the rule-forming device, comprising the profiles of the customers connected to the telecommunication network, or from the temporary memory of the rule-forming device.

Thus, by using a database that is remote from the rule-forming device and comprises the profiles of the customers connected to the telecommunication network, it is possible to centralize all the information relating to the services subscribed to by the different customers and to modify this database easily as the customers change the services to which they subscribe. By using the memory of the rule-forming device as a means of storing customer profiles, the rule-forming device can obtain the profile of a customer very quickly when an information frame has to be processed, and thus significantly reduce the processing delay of the information frame.

According to another aspect of the invention, customer profiles are stored in the temporary memory of the rule-forming device, and the customer profiles whose addresses have not been read in an information frame for a predetermined time are deleted from the temporary memory of the rule-forming device.

Thus, only the profiles of active customers are stored in the memory of the processing device. The amount of memory of the processing device allocated to storing profiles is thereby reduced.

According to another aspect of the invention, a service subscribed to by the customer is a service in which at least one application, among all of the customer's applications, is or is not authorized to receive information; an identifier is associated with the authorized or unauthorized application; at least part of the information frame is included in a data packet comprising at least one identifier of the customer application for which the information frame is destined; and if the identifier of the destination application included in the data packet is the identifier of the authorized, or respectively unauthorized, application, the information frame is, or respectively is not, transmitted over the telecommunication network to which the customers are connected, and conversely otherwise.

Thus, only certain applications of the customers are accessible, and the risks associated with attacks by computer hackers are reduced. Moreover, the information generated by computer hackers is not transmitted in the telecommunication network.

According to another aspect of the invention, a service subscribed to by the customer is a service in which the amount of information transmitted and/or received by the customer is limited within a predetermined time interval, and if the amount of information transmitted and/or received by the customer is greater than a limit of the service subscribed to by the customer, the frame is not transmitted over the telecommunication network to which the customers are connected.

Thus, information which would not subsequently be processed by the customers, even though addressed to them, is not transmitted over the telecommunication network to which the customers are connected. In this way, the telecommunication network is used optimally.

According to another aspect of the invention, if no profile is obtained from the address read, the method comprises a step of processing the information frame.

It is thus possible to process information frames such as, for example, supervision frames of the telecommunication network.
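The following Python sketch is an added illustration, not part of the patent text: it strings together the aspects above (profile lookup by customer address with a temporary memory and idle eviction, the allowed-application filter, the volume limit per interval, and the no-profile case). The class and verdict names, the use of a destination port as the application identifier, the fixed-window accounting and the handing of frames without a profile to default processing are assumptions; the sample address and limits are constructed.

```python
"""Illustrative rule-forming gateway: address -> profile -> rules -> verdict."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    allowed_ports: frozenset   # identifiers of applications allowed to receive frames
    max_bytes: int             # volume limit per interval (assumed unit: bytes)
    interval_s: float          # length of the predetermined interval, in seconds


@dataclass
class CacheEntry:
    profile: Profile
    last_seen: float           # last time this address was read in a frame
    window_start: float        # start of the current accounting interval
    window_bytes: int = 0      # bytes forwarded in the current interval


class RuleGateway:
    def __init__(self, remote_db, idle_timeout_s, clock=time.monotonic):
        self.remote_db = remote_db            # address -> Profile (stands in for the remote database)
        self.idle_timeout_s = idle_timeout_s  # the "predetermined time" before eviction
        self.clock = clock
        self.cache = {}                       # temporary memory: address -> CacheEntry

    def evict_idle(self):
        """Delete cached profiles whose address has not been seen recently."""
        now = self.clock()
        stale = [a for a, e in self.cache.items()
                 if now - e.last_seen > self.idle_timeout_s]
        for addr in stale:
            del self.cache[addr]
        return stale

    def _entry_for(self, addr):
        """Obtain the profile from temporary memory, else from the remote database."""
        now = self.clock()
        entry = self.cache.get(addr)
        if entry is None:
            profile = self.remote_db.get(addr)
            if profile is None:
                return None                   # no profile for this address
            entry = self.cache[addr] = CacheEntry(profile, now, now)
        entry.last_seen = now
        return entry

    @staticmethod
    def form_rules(profile):
        """Form the processing rules from the subscribed services."""
        return [("allow_ports", profile.allowed_ports),
                ("volume_limit", profile.max_bytes, profile.interval_s)]

    def handle_frame(self, customer_addr, dst_port, length):
        """Return the verdict for a frame destined for customer_addr."""
        entry = self._entry_for(customer_addr)
        if entry is None:
            return "DEFAULT"                  # assumption: default processing, e.g. supervision frames
        now = self.clock()
        for rule in self.form_rules(entry.profile):
            if rule[0] == "allow_ports" and dst_port not in rule[1]:
                return "DROP_PORT"            # never enters the collection network
            if rule[0] == "volume_limit":
                _, max_bytes, interval_s = rule
                if now - entry.window_start >= interval_s:
                    entry.window_start, entry.window_bytes = now, 0
                if entry.window_bytes + length > max_bytes:
                    return "DROP_VOLUME"
                entry.window_bytes += length
        return "FORWARD"


class FakeClock:
    """Deterministic clock so the demo does not depend on wall time."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    clock = FakeClock()
    addr = "00:11:22:33:44:55"                              # constructed customer address
    db = {addr: Profile(frozenset({80}), 3000, 1.0)}        # constructed profile
    gw = RuleGateway(db, idle_timeout_s=60, clock=clock)
    verdicts = [gw.handle_frame(addr, 80, 1500),            # allowed port, within limit
                gw.handle_frame(addr, 23, 100),             # port not subscribed
                gw.handle_frame(addr, 80, 1500),            # reaches the limit exactly
                gw.handle_frame(addr, 80, 1)]               # exceeds the limit
    clock.t = 1.5                                           # a new interval has started
    verdicts.append(gw.handle_frame(addr, 80, 1500))
    verdicts.append(gw.handle_frame("aa:bb:cc:dd:ee:ff", 80, 100))  # no profile
    clock.t = 100.0                                         # customer idle for > 60 s
    return verdicts, gw.evict_idle()


if __name__ == "__main__":
    print(demo())
```

Because the verdict is computed at the gateway, a dropped frame never consumes capacity in the collection network or at the customer line multiplexer, which is the resource argument the description makes.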

According to another aspect of the invention, the telecommunication network to which the customers are connected is a GigaEthernet © collection network, the other telecommunication network is an Internet-type network, and the rule-forming device is a gateway.

According to another aspect of the invention, the address of the customer is a MAC address, or an IPv6 address, or an address assigned respectively to each customer by the digital customer line multiplexer.

The invention also relates to the computer program stored on an information medium, said program comprising instructions for implementing the method of forming processing rules described above when it is loaded and executed by a computer system.

The characteristics of the invention mentioned above, as well as others, will appear more clearly on reading the following description of an exemplary embodiment, said description being given in relation to the attached drawings, among which:
  • Fig. 1 represents the architecture of the system for forming rules for processing information frames destined for or sent by customers of a telecommunication network;
  • Fig. 2 represents a block diagram of the device for forming rules for processing information frames destined for or sent by customers of a telecommunication network;
  • Fig. 3 represents the algorithm for forming rules for processing information frames destined for or sent by customers of a telecommunication network.

Fig. 1 represents the architecture of the system for forming rules for processing information frames destined for or sent by customers of a telecommunication network.

In the system for forming rules for processing information frames destined for or sent by customers of a telecommunication network, customers 110 access an Internet-type network 180 via a digital customer line multiplexer 130, a collection network 150 and a rule-forming device 100, which processes the information frames received from the Internet network 180 or destined for the Internet network 180 according to the profile of the customers 110 that send or are the recipients of the information frames. The rule-forming device 100 is more precisely a gateway 100.

The system for forming rules for processing information frames destined for or sent by customers of a telecommunication network comprises a digital customer line multiplexer 130. In a preferred mode, the digital customer line multiplexer 130 is adapted to dedicated physical links with customers 110a, 110b and 110c. When the links are of the DSL type, the digital customer line multiplexer 130 is known as a DSLAM. DSLAM is the acronym for "Digital Subscriber Line Access Multiplexor".

The function of the digital customer line multiplexer 130 is to group several lines of customers 110a, 110b and 110c onto a physical medium that carries the data exchanged between the customers 110a, 110b and 110c and the Internet network 180.

The customers 110a, 110b and 110c are more precisely telecommunication terminals; they are connected to the digital customer line multiplexer 130 via the wired telephone network and use DSL-type modulation techniques. Of course, other types of dedicated physical links can be used. For example, and without limitation, these links may also be wireless links or optical fiber links.

A customer is, for example, a telecommunication device such as a computer comprising a communication card adapted to the dedicated physical link existing with the digital customer line multiplexer 130, or a computer connected to an external communication device adapted to the dedicated physical link existing with the digital customer line multiplexer 130.

Each customer 110a, 110b and 110c is allocated a unique identifier or address that distinguishes it from the other customers 110. This address is, for example, the MAC address of the physical interface of the customer's computer or the MAC address of the logical interfaces of the customer's computer. In a variant, this address is a unique address delivered respectively to each customer by the digital customer line multiplexer 130 in order to mask the real address of the customer 110. In another variant, this address is an IPv6 address when the IPv6 protocol is used.

In Fig. 1, only three customers 110a, 110b and 110c are represented; of course, a larger number of customers 110 are connected to the digital customer line multiplexer 130.

Each customer 110 is connected to a digital customer line multiplexer 130, which is itself connected via the collection network 150 to a rule-forming device 100. The rule-forming device 100 is a gateway between the collection network 150 and the Internet network 180.

The digital customer line multiplexer 130 preferably has DSL interfaces 140a, 140b and 140c connected respectively to the customers 110a, 110b and 110c. The digital customer line multiplexer 130 authorizes access to the services offered by Internet service providers, for example for the customers 110a, 110b and 110c, if they have correctly identified themselves and if their identification has been validated by an authentication server associated with their Internet service provider. The digital customer line multiplexer 130 comprises a network interface 145 connecting it to the collection network 150.

The collection network 150 is, for example, a network of the GigaEthernet © type. The information frames transmitted through the collection network 150 are Ethernet frames. In the collection network 150, the customers 110 do not have to establish sessions according to a point-to-point protocol in order to be able to access the Internet network 180. It should be noted here that the source and destination addresses included in these information frames are not modified while the information frames are routed through the collection network 150.

The rule-forming device 100 processes the information received from the Internet network 180 according to the profile of the customers 110 that are the recipients or senders of this information. More precisely, the rule-forming device 100 forms, from the profile of the customers 110, a set of rules in the form of access lists ("Access List"), service classes and disciplines, and filters, which are applied to the information frames whose address corresponds to the access list or to the filters. The rule-forming device 100 comprises a network interface 160 connecting it to the collection network 150 as well as a network interface 165 connecting it to the Internet network 180. The rule-forming device 100 will be described in more detail with reference to Fig. 2.

A database 120, which comprises the profiles associated with the different customers 110, is associated with the rule-forming device 100. A profile is formed for each customer 110 when the customer 110 subscribes to a service provider. A profile comprises, for example and without limitation, the incoming and outgoing information rates allocated to the customer according to the type of service to which the customer 110 has subscribed. These rates can be maximum rates and/or guaranteed minimum rates, in each direction of information transfer. A profile also comprises security information relating to the customer 110. This information indicates the port or ports of the applications that a customer 110 has and that are authorized to transmit and/or receive data from the Internet network 180. These applications are, for example, servers of the FTP type (FTP being the acronym for "File Transfer Protocol") or WEB servers that make WEB pages available according to the HTTP protocol. These profiles also comprise the identifier of the Internet service provider to which the customers subscribe.

It should be noted that, as a variant, the collection network 150 may be connected to a PPP session concentrator (not shown in Fig. 1), which establishes PPP sessions with other customers (not shown in Fig. 1) via a telecommunication network and at least one customer line digital multiplexer (not shown in Fig. 1). In this variant, the PPP session concentrator formats the information sent by these customers over the PPP protocol into Ethernet frames before transferring them onto the collection network 150, and vice versa.

Fig. 2 is a block diagram of the device for forming processing rules for information frames intended for or sent by customers of a telecommunication network.

The rule-forming device 100 comprises a communication bus 201 to which are connected a central processing unit 200, a non-volatile memory 202, a random access memory 203, a customer interface 205 and a network interface 206.

The non-volatile memory 202 stores the programs implementing the invention as well as the algorithm described later with reference to Fig. 3. The non-volatile memory 302 is, for example, a hard disk. More generally, the programs according to the present invention are stored in a storage means. This storage means can be read by a computer or a microprocessor 200. It may or may not be integrated into the profile application device 100, and may be removable. When the rule-forming device 100 is powered up, the programs are transferred into the random access memory 203, which then contains the executable code of the invention and the data needed to implement it.

The rule-forming device 100 also comprises a telecommunication network interface 165. This interface allows information to be transferred from and/or to the Internet network 180. The network interface 160 connects the rule-forming device 100 to the collection network 150.

The processor 200 is able to authorize or refuse the transfer of data between the Internet network 180 and the customers 110 according to the information frame processing rules formed from the profile stored in the database 120.

This database 120 is connected to the rule-forming device 100 via the telecommunication network 150 or the telecommunication network 180, or via a dedicated link.

It should be noted that, as a variant, the database 120 may also be integrated into the customer line digital multiplexer 130.

Fig. 3 shows the algorithm for forming processing rules for information frames intended for or sent by customers of a telecommunication network.

In step E300, the processor 200 of the rule-forming device 100 checks whether an information frame has been received on the network interface 160 or 165. The frames are preferably Ethernet frames or IPv6 frames.

If not, the processor 200 proceeds to step E301. In this step, the processor 200 checks whether the time associated with each address held in the cache memory of the rule-forming device 100 is considered too old. The cache memory is, for example and without limitation, included in the random access memory 203. The method according to the present invention removes from the cache memory the addresses of customers that have been inactive for a predetermined time. When these operations have been performed, the processor 200 returns to step E300 described above.

When an information frame is received in step E300, the processor 200 proceeds to step E302. The processor 200 checks whether the frame is an incoming frame, that is, one coming from the Internet network 180, or an outgoing frame, that is, one coming from the collection network 150. When the frame is an incoming frame received by the network interface 165, the processor 200 reads, in step E304, the destination address of the information frame from a predetermined field of the frame. Once this operation has been performed, the processor 200 proceeds to the next step E305.

When the frame is an outgoing frame received by the network interface 160, the processor 200 reads, in step E303, the source address of the information frame from a predetermined field of the frame. Once this operation has been performed, the processor 200 proceeds to the next step E305.

In step E305, the processor 200 updates the cache memory of the rule-forming device 100. This cache memory is included in the random access memory 203 of the rule-forming device 100. The cache memory stores all the source or destination addresses read by the processor 200 during previous passes through step E303 or E304. When the address just read in step E303 or E304 is not in the cache memory, the processor 200 updates the cache memory by adding the address together with a time associated with the address. This associated time is the time at which the address was added to the cache memory.

When the address just read in step E303 or E304 is already in the cache memory, the processor 200 updates the cache memory of the rule-forming device 100 by replacing the time at which the address was added with the current time of the rule-forming device 100. This current time then becomes the time associated with the address. Steps E301 and E305 together form a mechanism for managing the lifetime of the addresses stored in the cache memory.

According to a preferred embodiment, the processor 200 stores, in association with the address, information such as the port number of the application to which the information frame is addressed, or the address of the service provider to which the information frame is addressed in the telecommunication network 180. A port number is obtained by reading predetermined fields of packets conforming to the IP, TCP/IP or UDP protocol, comprising the Ethernet frames that contain the addresses. TCP/IP stands for Transmission Control Protocol/Internet Protocol, and UDP stands for User Datagram Protocol.

Once this operation has been performed, the processor 200 checks in step E306 whether the cache memory of the rule-forming device 100 holds a profile associated with the address just read. If it does, the processor 200 proceeds to step E307 and reads the customer's profile from the cache memory. The processor 200 then proceeds to step E311.

It should be noted that, as a variant, if the customer's profile has been in the cache memory of the rule-forming device 100 for a predetermined time, for example 24 hours, the processor 200 performs step E308 instead of step E307.

If the cache memory holds no profile associated with the address just read, the processor 200 proceeds to step E308. In step E308, the processor 200 orders the retrieval of the profile of the customer whose address was read in step E303 or E304. More precisely, the processor 200 orders the generation of a request to obtain the profile of the customer whose address was read in step E303 or E304. The customer's profile is stored in the database 120. For this purpose, the rule-forming device 100 comprises a client software module, for example a RADIUS module, which sends profile requests to the database 120, which in this example is a RADIUS server 120. RADIUS stands for "Remote Authentication Dial In User Service". From the address supplied by the rule-forming device 100, the database 120 identifies the profile of the customer having the same address as the one transferred by the rule-forming device 100 and returns the various items of information contained in the profile.

The profile includes the security rules that the customer 110 has chosen. These security rules are, for example, rules that authorize or refuse the transfer of information frames addressed to one or more applications of the customer 110. The profile also includes information describing the rate or rates that the customer chose when subscribing to a service provider. The information describing the rate or rates chosen by the customer 110 constitutes the traffic contract established between the customer and the service provider.

Once this operation has been performed, the processor 200 proceeds to the next step E309. In this step, the processor 200 checks whether a profile has been returned by the database 120. If no profile has been returned, the processor 200 proceeds to step E310.

In step E310, the processor 200 processes the frame received in step E300. This frame is, for example, a network supervision frame that is not intended for a customer 110 but for the various elements of the collection network 150. The processing is, for example, a transfer of the frame received in step E300 onto the collection network 150. Once this operation has been performed, the processor 200 returns to step E300 to wait for a new information frame to process.

If a profile has been returned, the processor 200 proceeds from step E309 to step E311. In this step, the processor 200 uses the information contained in the profile obtained in step E307 or E308 to form a set of processing rules for an information frame, in the form of access lists ("Access List"), filters, classes and service disciplines, which are applied to the information frames whose address matches that of the access list or filters. An access list has, for example, the following form:

  • acl acl_100 accept ip src any dst 10.10.0.1 sp any dp 80
  • acl acl_100 deny ip src any dst 10.10.0.1 sp any dp 90

The access list 100 here contains two rules. The first rule allows information frames coming from anyone (any) and addressed to the customer 10.10.0.1 on destination port 80. The second rule rejects information frames coming from anyone (any) and addressed to the customer 10.10.0.1 on destination port 90.

From the rate information contained in the profile obtained in step E307 or E308, the processor 200 forms a service class describing the traffic contract of the customer 110. The information frames handled by the service class are then transferred onto the collection network 150 or the Internet network 180 in accordance with the service contract described in the definition of the service class. It should be noted that these information frames are placed in a queue before being transferred. The processor 200 then runs an algorithm that applies the service discipline. This algorithm transfers the information frames placed in the queue onto the collection network 150 or the Internet network 180.

By way of example and without limitation, the customer 110a has a subscription with a service provider whose maximum rate is 8 Megabits per second. The customer 110a has two servers, a VIDEO server and a WEB server, accessible to third parties. To guarantee a certain quality of video transmission, the customer 110a has chosen a contract stipulating that a rate of 7.8 Megabits per second must be guaranteed for the video server. The Web server, for its part, then has a guaranteed rate of only 200 Kilobits. This information is included in the profile of the subscriber 110a stored in the database 120.

From this profile, the processor 200 forms the following application rules:

  • REGLE Client_110a_WEB ip src any dest IP_CLIENT_110a TCP sport any dport WEB_PORT
  • REGLE Client_110a_VIDEO ip src any dest IP_CLIENT_110a UDP sport any dport VIDEO_PORT

The first rule describes the IP packets addressed to the WEB server of the customer 110a and coming from anyone.

The second rule describes the IP packets addressed to the VIDEO server of the customer 110a and coming from anyone.

From the profile obtained, the processor 200 creates the associated service classes:

  • Service_Class name 200_kbits rate strict 200kbits/s burst 0
  • Service_Class name 7800_kbits rate strict 7800kbits/s burst 0

Finally, the processor 200 forms the following associations between the traffic type descriptors and the classes:

  • Apply regle Client_110a_WEB to Service_Class 200_kbits
  • Apply regle Client_110a_VIDEO to Service_Class 7800_kbits

When the processor 200 has formed the processing rules from the profile of the customer 110, the processor 200 proceeds to the next step E312.

In this step, the information frame is processed according to the processing rules just formed. The processing consists either in transferring the information frame to the network 150 or 180 or in rejecting it.

In the preceding example, packets matching the rule Client_110a_WEB are directed into the service class 200_kbits, while packets matching the rule Client_110a_VIDEO are directed into the service class 7800_kbits.
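The Fig. 3 loop (E301 to E312) can be sketched as follows. This is an added example, not code from the patent: the dict standing in for the RADIUS server 120, the IDLE_TIMEOUT value, the result tuples, matching on the customer-side port for outgoing frames and rejecting ports that no rule covers are all assumptions. It also shows that a profile change in the database only takes effect once the cached profile is evicted or re-fetched.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 300           # assumed value: idle seconds before E301 evicts an address
PROFILE_MAX_AGE = 24 * 3600  # the 24-hour variant: re-fetch a cached profile after this


@dataclass
class Profile:
    ports: dict  # customer application port -> (action, guaranteed kbit/s or None)


@dataclass
class CacheEntry:
    last_seen: float
    profile: Optional[Profile] = None
    fetched_at: float = 0.0


def form_rules(addr, profile):
    """E311: one (action, address, port, service class) rule per profile port."""
    rules = []
    for port, (action, kbits) in sorted(profile.ports.items()):
        service_class = f"{kbits}_kbits" if action == "accept" and kbits else None
        rules.append((action, addr, port, service_class))
    return rules


def render_acl(rules, name="acl_100"):
    """Render rules in the access-list syntax quoted in the description."""
    return [f"acl {name} {action} ip src any dst {addr} sp any dp {port}"
            for action, addr, port, _ in rules]


class RuleFormer:
    def __init__(self, database):
        self.database = database  # dict standing in for the RADIUS server 120
        self.cache = {}           # customer address -> CacheEntry
        self.db_queries = 0

    def expire(self, now):
        """E301: drop addresses idle for longer than IDLE_TIMEOUT."""
        stale = [a for a, e in self.cache.items() if now - e.last_seen > IDLE_TIMEOUT]
        for addr in stale:
            del self.cache[addr]
        return stale

    def _profile_for(self, addr, now):
        entry = self.cache[addr]
        fresh = entry.profile is not None and now - entry.fetched_at < PROFILE_MAX_AGE
        if not fresh:                                   # E306 "no" branch -> E308
            self.db_queries += 1
            entry.profile = self.database.get(addr)
            entry.fetched_at = now
        return entry.profile                            # E307 when served from cache

    def handle_frame(self, frame, now):
        incoming = frame["direction"] == "in"           # E302
        addr = frame["dst"] if incoming else frame["src"]   # E304 / E303
        entry = self.cache.setdefault(addr, CacheEntry(last_seen=now))
        entry.last_seen = now                           # E305
        profile = self._profile_for(addr, now)
        if profile is None:
            return ("forward", None)                    # E309 -> E310
        # Assumption: rules are matched on the customer-side port in both directions.
        port = frame["dport"] if incoming else frame["sport"]
        for action, _, rule_port, service_class in form_rules(addr, profile):  # E311
            if rule_port == port:
                return (action, service_class)          # E312
        return ("deny", None)  # assumption: a port with no rule is rejected


def demo():
    # Constructed sample data: the 10.10.0.1 customer from the access-list example.
    db = {"10.10.0.1": Profile({80: ("accept", 200), 90: ("deny", None)})}
    former = RuleFormer(db)
    frame = {"direction": "in", "src": "192.0.2.7", "dst": "10.10.0.1",
             "sport": 40000, "dport": 80}
    first = former.handle_frame(frame, now=0)
    db["10.10.0.1"] = Profile({80: ("deny", None)})    # customer changes the profile
    cached = former.handle_frame(frame, now=10)        # still served from the cache
    former.expire(now=10 + IDLE_TIMEOUT + 1)
    refreshed = former.handle_frame(frame, now=10 + IDLE_TIMEOUT + 2)
    return first, cached, refreshed


if __name__ == "__main__":
    print(demo())
```

The idle timeout and the profile maximum age together bound how long a revoked port stays reachable, so they should be chosen with that window in mind.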

Claims (11)

  1. Method of forming processing rules for an information frame passing between two telecommunication networks (150, 180) via a rule-forming device (100), customers (110) being linked to a telecommunication network (150) via a customer line digital multiplexer (130), the information frame being intended for at least one customer or sent by a customer linked to the telecommunication network (150), each customer linked to the telecommunication network having an address that is different from the addresses of the other customers linked to the telecommunication network, characterized in that the method comprises the following steps performed by the rule-forming device for each frame received :
    - reading (E303, E304) an address of a customer in the information frame received by the rule-forming device,
    - obtaining (E307, E308) a customer profile from the address read in the frame, the profile comprising information representative of services subscribed to by the customer,
    - forming (E311) processing rules for the received information frame based on the obtained customer profile so as to take into account a modification of the customer profile.
  2. Method according to Claim 1, characterized in that the method comprises a step (E312) for processing the information frame based on the duly formed processing rules.
  3. Method according to Claim 1 or 2, characterized in that the customer profile is obtained from a database (120) comprising the profiles of customers linked to the telecommunication network remote from the rule-forming device or obtained from the temporary memory of the rule-forming device.
  4. Method according to Claim 3, characterized in that the customer profiles are stored in the temporary memory of the rule-forming device and the profiles of customers whose addresses have not been read in an information frame for a predetermined time are deleted (E301) from the temporary memory of the rule-forming device.
  5. Method according to any one of Claims 1 to 4, characterized in that a service subscribed to by the customer is a service in which at least one application, out of all the applications of the customer, is authorized or not authorized to receive information, the authorized or unauthorized application has an associated identifier, and in that at least a part of the information frame is included in a data packet including at least an identifier of the application of the customer receiving the information frame, and if the identifier of the application receiving the information frame included in the data packet is the identifier of the authorized application or is not the identifier of the unauthorized application, the information frame is transmitted over the telecommunication network to which the customers are linked, or vice versa otherwise.
  6. Method according to any one of Claims 1 to 5, characterized in that a service subscribed to by the customer is a service in which the quantity of information transmitted and/or received by the customer is limited in a predetermined time slot and in that if the quantity of information transmitted and/or received by the customer is greater than a service limit subscribed to by the customer, the frame is not transmitted over the telecommunication network to which the customers are linked.
  7. Method according to any one of Claims 1 to 6, characterized in that if no profile is obtained from the address read, the method includes a step for processing the information frame.
  8. Method according to any one of Claims 1 to 7, characterized in that the telecommunication network to which the customers are linked is a GigaEthernet© access network, the other telecommunication network is an Internet-type network and the rule-forming device is a gateway.
  9. Method according to Claim 8, characterized in that the address of the customer is an MAC address or an IPv6 address or an address assigned respectively to each customer by the customer line digital multiplexer.
  10. Device for forming processing rules for an information frame passing between two telecommunication networks, customers (110) being linked to a telecommunication network (150) via a customer line digital multiplexer (130), the information frame being intended for at least one customer or sent by a customer linked to the telecommunication network, each customer linked to the telecommunication network having an address that is different from the addresses of the other customers linked to the telecommunication network, characterized in that the rule-forming device comprises:
    - means of reading an address of a customer in each information frame received by the rule-forming device,
    - means of obtaining a customer profile from each address read, each profile comprising information representative of services subscribed to by the customer,
    - means of forming processing rules for the information frame from each customer profile obtained to take account of a modification of the customer profile.
  11. Computer program stored on an information medium, said program comprising instructions making it possible to implement the steps of the method according to any one of Claims 1 to 9, when it is loaded and run by an information processing system.
EP04290585A 2004-03-03 2004-03-03 Method and apparatus for generating rules of treating an information frame Expired - Lifetime EP1571782B1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AT04290585T ATE385096T1 (en) 2004-03-03 2004-03-03 METHOD AND DEVICE FOR GENERATING RULES FOR TREATING AN INFORMATION FRAMEWORK
DE602004011468T DE602004011468T2 (en) 2004-03-03 2004-03-03 Method and device for generating rules for handling an information frame
ES04290585T ES2300720T3 (en) 2004-03-03 2004-03-03 PROCEDURE AND DEVICE FOR THE FORMATION OF RULES OF TREATMENT OF AN INFORMATION FRAME.
EP04290585A EP1571782B1 (en) 2004-03-03 2004-03-03 Method and apparatus for generating rules of treating an information frame

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP04290585A EP1571782B1 (en) 2004-03-03 2004-03-03 Method and apparatus for generating rules of treating an information frame

Publications (2)

Publication Number Publication Date
EP1571782A1 EP1571782A1 (en) 2005-09-07
EP1571782B1 EP1571782B1 (en) 2008-01-23

Family

ID=34746164

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04290585A Expired - Lifetime EP1571782B1 (en) 2004-03-03 2004-03-03 Method and apparatus for generating rules of treating an information frame

Country Status (4)

Country Link
EP (1) EP1571782B1 (en)
AT (1) ATE385096T1 (en)
DE (1) DE602004011468T2 (en)
ES (1) ES2300720T3 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987611A (en) * 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US6625650B2 (en) * 1998-06-27 2003-09-23 Intel Corporation System for multi-layer broadband provisioning in computer networks
US6553375B1 (en) * 1998-11-25 2003-04-22 International Business Machines Corporation Method and apparatus for server based handheld application and database management
NL1011524C2 (en) * 1999-03-10 2000-09-12 Koninkl Kpn Nv Encryption of user subscription in IP address.

Also Published As

Publication number Publication date
ATE385096T1 (en) 2008-02-15
DE602004011468D1 (en) 2008-03-13
EP1571782A1 (en) 2005-09-07
DE602004011468T2 (en) 2009-01-22
ES2300720T3 (en) 2008-06-16

Similar Documents

Publication Publication Date Title
EP1738526B1 (en) Method and system of accreditation for a client enabling access to a virtual network for access to services
EP3053303B1 (en) Method for subscribing to streams coming from multicast clients
WO2005096587A1 (en) Method and system enabling a client to access services provided by a service provider
EP2095570B1 (en) System for reserving bandwidth for different classes of traffic
WO2003065650A2 (en) Method and device for transmission of entitlement management messages
WO2011012569A1 (en) Method and system for automatic selection of transmission media
EP1964359B1 (en) Method and system for updating the telecommunication network service access conditions of a telecommunication device
EP1571782B1 (en) Method and apparatus for generating rules of treating an information frame
FR3023093A1 (en) METHOD FOR AUTHORIZING THE ESTABLISHMENT OF A PAIR TO BE MIXED IN A MOBILE TELECOMMUNICATIONS NETWORK
EP2064845B1 (en) Method for configuring the service quality profile of a given flow at the access node of a packet communication network
EP3430777B1 (en) Method and system for dynamically managing communication pathways between routers depending on application requirement
EP2815547B1 (en) Technique for processing a data stream between a server and a client entity
EP3811587A1 (en) Method for editing messages by a device on a communication path established between two nodes
EP2031809B1 (en) Method for processing data streams in a telecommunication network
EP3235217A1 (en) Method for data exchange between web browsers, and routing device, terminal, computer program and storage medium therefor
WO2010128228A1 (en) Technique for processing data streams in a communication network
WO2014135793A1 (en) Method for allocating resources for implementing virtual networks in a telecommunication network
EP2476225B1 (en) Method and system for controlling the routing of a data stream from a class of service through a meshed and encrypted network
EP3949287A1 (en) Gateway and method for differentiating traffic transmitted by the gateway, traffic management device and method
FR2979505A1 (en) Method for inserting intermediate equipment in communication channel connecting e.g. smartphones, of voice over Internet protocol communication system, involves transmitting modified response message to user terminal
FR3127663A1 (en) Method of controlling access to an application service, method of processing a message controlling access to said service, devices, system and corresponding computer programs.
FR2885464A1 (en) METHOD AND DEVICE FOR CONTROLLING ACCESS
FR3109255A1 (en) Method implemented by an intermediate entity to manage a communication between two communication devices
WO2007099266A2 (en) Device and method for routing data flows associated with ip services
WO2007101962A1 (en) Multilayer mechanism for regulating the rate of a tcp data flow in a full duplex ethernet high-volume network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

17P Request for examination filed

Effective date: 20060213

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20060316

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: FRENCH

REF Corresponds to:

Ref document number: 602004011468

Country of ref document: DE

Date of ref document: 20080313

Kind code of ref document: P

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20080501

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2300720

Country of ref document: ES

Kind code of ref document: T3

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080423

BERE Be: lapsed

Owner name: FRANCE TELECOM

Effective date: 20080331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080623

REG Reference to a national code

Ref country code: IE

Ref legal event code: FD4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080423

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: IE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20080331

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20081024

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20080331

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20080331

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20080331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20080303

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080724

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080123

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080424

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 13

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 14

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 15

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20210217

Year of fee payment: 18

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20210219

Year of fee payment: 18

Ref country code: DE

Payment date: 20210217

Year of fee payment: 18

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20210401

Year of fee payment: 18

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602004011468

Country of ref document: DE

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20220303

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220303

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20221001

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20230427

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20230222

Year of fee payment: 20

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220303

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220304